I have enabled Windows authentication in ASP.NET MVC as shown below.
<authentication mode="Windows">
</authentication>
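I read the following statement on Wikipedia.
Integrated Windows Authentication itself is not a standard or an authentication protocol.
So, when we use Windows authentication, what is actually verified?
Reference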
You can use Windows authentication when your IIS 7 server runs on a corporate network that is using Microsoft Active Directory service domain identities or other Windows accounts to identify users. Because of this, you can use Windows authentication whether or not your server is a member of an Active Directory domain.
Windows authentication (formerly named NTLM, and also referred to as Windows NT Challenge/Response authentication) is a secure form of authentication because the user name and password are hashed before being sent across the network.
Integrated Windows Authentication itself is not a standard or an authentication protocol. Integrated Windows Authentication works with most modern web browsers, but does not work over HTTP proxy servers. Therefore, it is best for use in intranets where all the clients are within a single domain. It may work with other Web browsers if they have been configured to pass the user's logon credentials to the server that is requesting authentication.
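Answer 0: (score: 1)
It depends on the actual protocol.
In Basic authentication, the username/password is sent to the server. In Digest, a hash is sent, but Digest is rarely used because it requires plain passwords on the Active Directory side; although that can be turned on, nobody uses it. In NTLM, there is a negotiation between the user, the server and AD. In Kerberos, the browser first obtains an auth ticket from AD and then sends it for verification.
All so-called "Windows" authentication schemes are based on the 401 Challenge flow supported by browsers. Interestingly, with a custom module you do not need AD for the 401 flow; you can use any custom user backing store.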
http://www.wiktorzychla.com/2013/11/basic-authentication-module-with-custom.html
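The answer's point that the protocol in use is decided inside the 401 flow, as an added example that is not part of the original answer: a Python sketch that classifies the `Authorization` header a browser sends back after the challenge. The sample tokens are constructed stubs, the function names are hypothetical, and the Kerberos check is a byte-pattern heuristic rather than a full ASN.1 parse.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def describe_ntlm(token):
    """Name the NTLM message type (little-endian uint32 after the signature)."""
    start = token.find(NTLM_SIG)
    if start < 0 or len(token) < start + 12:
        return "malformed NTLM message"
    (msg_type,) = struct.unpack_from("<I", token, start + 8)
    return "NTLM " + NTLM_TYPES.get(msg_type, "unknown") + " message"

def classify_authorization(header):
    """Return (scheme, detail) for one Authorization header value."""
    scheme, _, blob = header.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "digest":
        return scheme, "hashed response in key=value parameters"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return scheme, "token is not valid base64"
    if scheme == "basic":
        user = token.partition(b":")[0].decode("utf-8", "replace")
        return scheme, "cleartext password for user " + user
    if scheme == "ntlm":
        return scheme, describe_ntlm(token)
    if scheme == "negotiate":
        if NTLM_SIG in token:  # raw or SPNEGO-wrapped NTLM fallback
            return scheme, describe_ntlm(token)
        if token[:1] == b"\x60" and KRB5_OID in token:  # heuristic only
            return scheme, "GSS-API token naming the Kerberos mechanism"
        return scheme, "unrecognised Negotiate token"
    return scheme, "scheme not handled here"

# Constructed sample headers (stub tokens, not captured traffic).
SAMPLES = [scheme + " " + base64.b64encode(raw).decode("ascii") for scheme, raw in [
    ("Basic", b"alice:example-password"),
    ("NTLM", NTLM_SIG + struct.pack("<II", 1, 0)),
    ("Negotiate", NTLM_SIG + struct.pack("<II", 3, 0)),
    ("Negotiate", b"\x60\x0b" + KRB5_OID),
]]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value[:24], "->", classify_authorization(value))
```

Run over IIS or proxy logs that record the header scheme, the same classification shows whether clients are really using Kerberos or silently falling back to NTLM under `Negotiate`.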